Lucene search
K

19 matches found

NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-14070

The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sendtestemail' AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

7.5CVSS0.0039EPSS
Exploits0References5
CVE
CVE
added 2026/01/07 9:21 a.m.13 views

CVE-2025-14070

CVE-2025-14070 – Reviewify (Review Discounts & Photo/Video Reviews for WooCommerce) : The WordPress Reviewify plugin versions up to 1.0.6 are vulnerable due to a missing capability check on the send_test_email AJAX action. This allows authenticated attackers with Contributor-level access or highe...

7.5CVSS6AI score0.0039EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/01/06 11:10 p.m.6 views

WordPress Reviewify plugin <= 1.0.6 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation vulnerability

Missing Authorization to Authenticated Contributor+ Arbitrary WooCommerce Coupon Creation vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin Reviewify versions = 1.0.6...

7.5CVSS6.8AI score0.0039EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-4815

Malicious code in bioql PyPI...

5.3CVSS9.1AI score0.00363EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/20 8:24 a.m.6 views

CVE-2024-13316

The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...

5.3CVSS6.7AI score0.00363EPSS
Exploits0References1
OSV
OSV
added 2025/02/18 9:15 a.m.4 views

CVE-2024-13316

The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References4
NVD
NVD
added 2025/02/18 9:15 a.m.8 views

CVE-2024-13316

The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...

5.3CVSS0.00363EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/18 8:21 a.m.6 views

CVE-2024-13316 Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation

The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...

5.3CVSS6.8AI score0.00363EPSS
Exploits0References4
CVE
CVE
added 2025/02/18 8:21 a.m.46 views

CVE-2024-13316

CVE-2024-13316 affects the Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress. The issue is an unauthorized access vulnerability caused by a missing capability check in the apmswn_create_discount() function, present in...

5.3CVSS6.8AI score0.00363EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/02/18 8:21 a.m.11 views

CVE-2024-13316 Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation

The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...

5.3CVSS0.00363EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/02/18 12:0 a.m.4 views

PT-2025-6540 · WordPress · Scratch & Win – Giveaways/Contests

Name of the Vulnerable Software and Affected Versions: Scratch & Win – Giveaways and Contests plugin for WordPress versions up to, and including, 2.8.0 Description: The issue is related to a missing capability check on the apmswn create discount function, allowing unauthorized access. This enable...

5.3CVSS9.4AI score0.00363EPSS
Exploits0References9
Patchstack
Patchstack
added 2025/02/17 10:20 p.m.4 views

WordPress Scratch & Win – Giveaways and Contests plugin <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation vulnerability

Missing Authorization to Unauthenticated Coupon Creation vulnerability discovered by Peter Thaleikis in WordPress Plugin Scratch & Win – Giveaways and Contests versions = 2.8.0...

5.3CVSS7AI score0.00363EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/11 12:0 a.m.5 views

PT-2025-1777 · WordPress · The Coupon X: Discount Pop Up

Name of the Vulnerable Software and Affected Versions: The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress versions up to, and including, 1.3.5 Description: The issue is related to missing capability checks on several functions in the...

5.4CVSS7.2AI score0.00238EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/10/16 12:45 p.m.22 views

CVE-2020-36841 WooCommerce Smart Coupons <= 4.6.0 - Unauthenticated Coupon Creation

The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommercecouponadmininit function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates ...

5.3CVSS0.00207EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2024/09/19 2:14 p.m.155 views

Exploit for Cross-Site Request Forgery (CSRF) in Creativeitem Academy_Lms

CVE-2022-47130 Academy LMS = 5.10 CSRF Description Acad...

4.3CVSS5.9AI score0.00617EPSS
Exploits2
Patchstack
Patchstack
added 2024/04/05 5:18 a.m.5 views

WordPress Smart Online Order for Clover plugin <= 1.5.5 - CSRF Leading to Coupon Creation/Modification vulnerability

CSRF Leading to Coupon Creation/Modification vulnerability discovered by thiennv Patchstack Alliance in WordPress Plugin Smart Online Order for Clover versions = 1.5.5...

8.8CVSS7AI score0.00221EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/02/03 1:15 a.m.5 views

CVE-2022-47130

A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page...

4.3CVSS5.8AI score0.00617EPSS
Exploits2References4
CVE
CVE
added 2023/02/03 12:0 a.m.50 views

CVE-2022-47130

CVE-2022-47130 concerns a CSRF vulnerability in the Academy LMS prior to version 5.10 . The issue: an attacker with administrative privileges can trigger a request via a crafted CSRF page, allowing arbitrary creation of discount coupons. Affected component is the web application’s coupon/discount...

4.3CVSS4.7AI score0.00617EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
added 2020/03/04 12:0 a.m.12 views

WordPress WooCommerce Smart Coupons premium plugin <= 4.6.0 - Unauthenticated Coupon Creation vulnerability

Unauthenticated Coupon Creation vulnerability discovered by WordFence in WordPress WooCommerce Smart Coupons premium plugin versions = 4.6.0. Solution Update the WordPress WooCommerce Smart Coupons premium plugin to the latest available version at least 4.6.5...

2.6AI score
Exploits0References2Affected Software1
Rows per page
Query Builder